204 – Insufficient data authenticity validation

Description

The application does not control on the server if someone have permission to modify certain fields and allows to use invalid data in some fields, for example non-existing names.

Impact

Inject potentially malicious characters into application fields.

Recommendation

Validate on the server side the types of data that are entered into different types of fields in the application.

Threat

Authorized user from Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 096 - Set user's required privileges
• 176 - Restrict system objects
• 264 - Request authentication
• 320 - Avoid client-side control enforcement

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Python
• Ruby
• Scala
• Swift
• Typescript

Last updated

2024/02/16